A (short) ProStores review: Security issues and poor support

I recently used Prostores for an e-commerce site for a client. “An eBay company”, it says. They have to be pretty legit, right? Umm, not necessarily.

Security Problems

First, while doing some tune-ups for my client, I happened to notice that their store login page is susceptible to a simple Javascript XSS attack. I’m no hacking pro, but this is Web Security 101. Actually, it’s remedial Web security. To have that kind of vulnerability on an e-commerce site is pretty terrible, and on an eBay-branded site, is downright embarrassing.

So to the layperson, all of this this means a customer could easily get duped and have their info swiped, or perhaps their store wrecked, merchant account hijacked, customers’ personal data stolen, etc.

That’s enough of a deal-breaker for me.

Clueless Support

When I called their support today, the poor girl on the phone had no idea what I meant when I asked if my ProStores account could be hosted on a subdomain of an existing domain, i.e. store.awesome-company.com. (This is not a highly technical question in the hosting world). I had to explain everything to her about five times and the resolution was to file a ticket. No, the advanced support guy she had just conferred with was not available to talk to me. Like, duh.

And if you were wondering, oh wayward Internet traveler: it turns out you can’t host your Prostores site on a subdomain. It’s a pretty common, useful feature; this, too, is a deal-breaker, ladies. Ess that dee.

Update 7/2013: The security issue described above had since been fixed.